286 lines
7.1 KiB
Bash
286 lines
7.1 KiB
Bash
|
#!/bin/bash
|
||
|
#
|
||
|
# qilinux_samba_ldap.sh :
|
||
|
# Configures LDAP directory for use with SAMBA as a PDC
|
||
|
# as well as Idealx SMB-LDAP scripts
|
||
|
#
|
||
|
# Copyright (c) 2004 by Silvan Calarco <silvan.calarco@qilinux.it>
|
||
|
#
|
||
|
source /etc/rc.d/init.d/ldap-functions
|
||
|
source /etc/sysconfig/defaults
|
||
|
|
||
|
test $UID = 0 ||
|
||
|
{ echo "error: $0: must be superuser" >&2
|
||
|
{ (exit 1); exit 1; }; }
|
||
|
|
||
|
set_ldap_environment
|
||
|
case $? in
|
||
|
0) ;;
|
||
|
1) echo "error: $0: cannot read base dn from /etc/ldap.conf; aborting.";
|
||
|
exit 1 ;;
|
||
|
*) echo "error: $0: cannot find host DN. Check HOSTDC in /etc/sysconfig/
|
||
|
ldap." ;;
|
||
|
esac
|
||
|
|
||
|
argc=$#
|
||
|
for ((i=1; i<=argc; i++)); do
|
||
|
case ${!i} in
|
||
|
*) if test -z "$LDAPPASSWORD"; then LDAPPASSWORD=${!i}
|
||
|
fi
|
||
|
esac
|
||
|
done
|
||
|
|
||
|
tempfile=`tempfile 2>/dev/null` || tempfile=/tmp/qilinux_samba_ldap.ldif
|
||
|
trap "rm -f $tempfile" 0 1 2 5 15
|
||
|
|
||
|
echo "Configuring Samba"
|
||
|
# this must be done before any other thing or net getlocalsid won't work
|
||
|
grep "ldap suffix" /etc/samba/smb.conf > /dev/null
|
||
|
if [ $? -eq 1 ]; then
|
||
|
sed -i "/.*logon script.*/a\\
|
||
|
ldap admin dn = $LDAPBINDDN\\
|
||
|
ldap server = 127.0.0.1\\
|
||
|
ldap port = 636\\
|
||
|
ldap ssl = start tls\\
|
||
|
ldap suffix = $LDAPHOSTDN" /etc/samba/smb.conf
|
||
|
fi
|
||
|
|
||
|
grep "ldap machine suffix" /etc/samba/smb.conf > /dev/null
|
||
|
if [ $? -eq 1 ]; then
|
||
|
sed -i "/.*ldap suffix.*/a\\
|
||
|
ldap user suffix = ou=People\\
|
||
|
ldap group suffix = ou=Groups\\
|
||
|
ldap machine suffix = ou=Domain Computers\\
|
||
|
ldap idmap suffix = ou=Idmap" /etc/samba/smb.conf
|
||
|
fi
|
||
|
|
||
|
sed -i "s|passdb backend =.*)|passdb backend = ldapsam|" /etc/samba/smb.conf
|
||
|
|
||
|
echo "Setting samba password for LDAP"
|
||
|
smbpasswd -w "`cat /etc/ldap.secret`"
|
||
|
|
||
|
echo "Adding LDAP entries"
|
||
|
DESTHOME="/home"
|
||
|
DN=$LDAPHOSTDN
|
||
|
STSID="`net getlocalsid 2>/dev/null`" || { echo "Error getting localsid. Aborting."; exit 1; }
|
||
|
SID=${STSID#*: }
|
||
|
sed -i "s|\$SID=.*|\$SID=\'$SID\';|
|
||
|
s|\$suffix = .*|\$suffix = \"$DN\";|
|
||
|
s|\$binddn = .*|\$binddn = \"$LDAPBINDDN\";|
|
||
|
s|\$UID_START = .*|\$UID_START = $MINUID;|
|
||
|
s|\$GID_START = .*|\$GID_START = $MINUID;|" \
|
||
|
/etc/samba/smbldap-tools/smbldap.conf
|
||
|
|
||
|
cat > $tempfile << _EOF
|
||
|
#
|
||
|
# $DN: LDAP base DN
|
||
|
# $DESTHOME: /home
|
||
|
# $_userSmbHome (optional)
|
||
|
# $_userHomeDrive (optional)
|
||
|
# $_userProfile (optional)
|
||
|
# $SID: machine SID
|
||
|
|
||
|
dn: ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: organizationalUnit
|
||
|
ou: Groups
|
||
|
|
||
|
dn: ou=Machines,$LDAPHOSTDN
|
||
|
objectClass: organizationalUnit
|
||
|
ou: Machines
|
||
|
|
||
|
dn: uid=Administrator,ou=People,$LDAPHOSTDN
|
||
|
cn: Administrator
|
||
|
sn: Administrator
|
||
|
objectClass: inetOrgPerson
|
||
|
objectClass: sambaSamAccount
|
||
|
objectClass: posixAccount
|
||
|
gidNumber: 65400
|
||
|
uid: Administrator
|
||
|
uidNumber: 65400
|
||
|
homeDirectory: $DESTHOME/Administrator
|
||
|
sambaPwdLastSet: 0
|
||
|
sambaLogonTime: 0
|
||
|
sambaLogoffTime: 2147483647
|
||
|
sambaKickoffTime: 2147483647
|
||
|
sambaPwdCanChange: 0
|
||
|
sambaPwdMustChange: 2147483647
|
||
|
sambaPrimaryGroupSID: $SID-65400
|
||
|
sambaLMPassword: XXX
|
||
|
sambaNTPassword: XXX
|
||
|
sambaAcctFlags: [U ]
|
||
|
sambaSID: $SID-2996
|
||
|
loginShell: /bin/false
|
||
|
gecos: Netbios Domain Administrator
|
||
|
|
||
|
dn: uid=guest,ou=People,$LDAPHOSTDN
|
||
|
cn: guest
|
||
|
sn: guest
|
||
|
objectClass: inetOrgPerson
|
||
|
objectClass: sambaSamAccount
|
||
|
objectClass: posixAccount
|
||
|
gidNumber: 65401
|
||
|
uid: guest
|
||
|
uidNumber: 65401
|
||
|
homeDirectory: /dev/null
|
||
|
sambaPwdLastSet: 0
|
||
|
sambaLogonTime: 0
|
||
|
sambaLogoffTime: 2147483647
|
||
|
sambaKickoffTime: 2147483647
|
||
|
sambaPwdCanChange: 0
|
||
|
sambaPwdMustChange: 2147483647
|
||
|
sambaPrimaryGroupSID: $SID-514
|
||
|
sambaLMPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
|
||
|
sambaNTPassword: NO PASSWORDXXXXXXXXXXXXXXXXXXXXX
|
||
|
sambaAcctFlags: [NU ]
|
||
|
sambaSID: $SID-2998
|
||
|
loginShell: /bin/false
|
||
|
|
||
|
dn: cn=Domain Admins,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65400
|
||
|
cn: Domain Admins
|
||
|
memberUid: Administrator
|
||
|
description: Netbios Domain Administrators
|
||
|
sambaSID: $SID-65400
|
||
|
sambaGroupType: 2
|
||
|
displayName: Domain Admins
|
||
|
|
||
|
dn: cn=Domain Users,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65401
|
||
|
cn: Domain Users
|
||
|
description: Netbios Domain Users
|
||
|
sambaSID: $SID-65401
|
||
|
sambaGroupType: 2
|
||
|
displayName: Domain Users
|
||
|
|
||
|
dn: cn=Domain Guests,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65402
|
||
|
cn: Domain Guests
|
||
|
description: Netbios Domain Guests Users
|
||
|
sambaSID: $SID-65402
|
||
|
sambaGroupType: 2
|
||
|
displayName: Domain Guests
|
||
|
|
||
|
dn: cn=Administrators,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65403
|
||
|
cn: Administrators
|
||
|
description: Netbios Domain Members can fully administer the computer/sambaDomainName
|
||
|
sambaSID: $SID-65403
|
||
|
sambaGroupType: 2
|
||
|
displayName: Administrators
|
||
|
|
||
|
dn: cn=Users,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65404
|
||
|
cn: Users
|
||
|
description: Netbios Domain Ordinary users
|
||
|
sambaSID: $SID-65404
|
||
|
sambaGroupType: 2
|
||
|
displayName: users
|
||
|
|
||
|
dn: cn=Guests,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65405
|
||
|
cn: Guests
|
||
|
memberUid: guest
|
||
|
description: Netbios Domain Users granted guest access to the computer/sambaDomainName
|
||
|
sambaSID: $SID-65405
|
||
|
sambaGroupType: 2
|
||
|
displayName: Guests
|
||
|
|
||
|
dn: cn=Power Users,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65406
|
||
|
cn: Power Users
|
||
|
description: Netbios Domain Members can share directories and printers
|
||
|
sambaSID: $SID-65406
|
||
|
sambaGroupType: 2
|
||
|
displayName: Power Users
|
||
|
|
||
|
dn: cn=Account Operators,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65407
|
||
|
cn: Account Operators
|
||
|
description: Netbios Domain Users to manipulate users accounts
|
||
|
sambaSID: $SID-65407
|
||
|
sambaGroupType: 2
|
||
|
displayName: Account Operators
|
||
|
|
||
|
dn: cn=Server Operators,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65408
|
||
|
cn: Server Operators
|
||
|
description: Netbios Domain Server Operators
|
||
|
sambaSID: $SID-65408
|
||
|
sambaGroupType: 2
|
||
|
displayName: Server Operators
|
||
|
|
||
|
dn: cn=Print Operators,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65409
|
||
|
cn: Print Operators
|
||
|
description: Netbios Domain Print Operators
|
||
|
sambaSID: $SID-65409
|
||
|
sambaGroupType: 2
|
||
|
displayName: Print Operators
|
||
|
|
||
|
dn: cn=Backup Operators,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65410
|
||
|
cn: Backup Operators
|
||
|
description: Netbios Domain Members can bypass file security to back up files
|
||
|
sambaSID: $SID-65410
|
||
|
sambaGroupType: 2
|
||
|
displayName: Backup Operators
|
||
|
|
||
|
dn: cn=Replicator,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65411
|
||
|
cn: Replicator
|
||
|
description: Netbios Domain Supports file replication in a sambaDomainName
|
||
|
sambaSID: $SID-65411
|
||
|
sambaGroupType: 2
|
||
|
displayName: Replicator
|
||
|
|
||
|
dn: cn=Domain Computers,ou=Groups,$LDAPHOSTDN
|
||
|
objectClass: posixGroup
|
||
|
objectClass: sambaGroupMapping
|
||
|
gidNumber: 65412
|
||
|
cn: Domain Computers
|
||
|
description: Netbios Domain Computers accounts
|
||
|
sambaSID: $SID-65412
|
||
|
sambaGroupType: 2
|
||
|
displayName: Domain Computers
|
||
|
|
||
|
dn: ou=Idmap,$LDAPHOSTDN
|
||
|
objectClass: organizationalUnit
|
||
|
ou: idmap
|
||
|
#structuralObjectClass: organizationalUnit
|
||
|
_EOF
|
||
|
|
||
|
echo $LDAPBINDDN $LDAPPASSWORD
|
||
|
if test -z "$LDAPPASSWORD"; then
|
||
|
ldapadd -x -c -D $LDAPBINDDN -W -h localhost -f $tempfile
|
||
|
else
|
||
|
ldapadd -x -c -D $LDAPBINDDN -w $LDAPPASSWORD -h localhost -f $tempfile
|
||
|
fi
|
||
|
|
||
|
rm -f $tempfile
|
||
|
|
||
|
exit 0
|